A team of researchers from Tsinghua University, the University of Maryland, and the Beijing University of Posts and Telecommunications has discovered a new vulnerability in Intel CPUs that can allow data leakage through the EFLAGS register.
The EFLAGS register is part of a computer’s central processing unit (CPU) that stores information about the state of the CPU and the results of previous instructions. It helps the CPU to make decisions and execute instructions.
Microprocessors from Intel, AMD, and other companies contain a newly discovered that remote attackers can exploit to obtain cryptographic keys and other secret data traveling through the hardware, researchers said on Tuesday.
Hardware manufacturers have long known that hackers can extract secret cryptographic data from a chip by measuring the power it consumes while processing those values. Fortunately, the means for exploiting power-analysis attacks against microprocessors is limited because the threat actor has few viable ways to remotely measure power consumption while processing the secret material. Now, a team of researchers has figured out how to turn power-analysis attacks into a different class of side-channel exploit that’s considerably less demanding.
Targeting DVFS
The team discovered that dynamic voltage and frequency scaling (DVFS)-a power and thermal management feature added to every modern CPU. That allows attackers to deduce the changes in power consumption by monitoring the time it takes for a server to respond to specific carefully made queries. The discovery greatly reduces what’s required. With an understanding of how the DVFS feature works, power side-channel attacks become much simpler timing attacks that can be done remotely.
The researchers have dubbed their attack Hertzbleed because it uses the insights into DVFS to expose or bleed out-data that’s expected to remain private. The vulnerability is tracked as CVE- 2022-24436 for Intel chips and CVE-2022-23823 for AMD CPUs.
Computer processors by US technology company Intel are pictured on January 5, 2018, in Paris.
As tech giants race against the clock to fix major security flaws in microprocessors, many users are wondering what lurks behind unsettling names like “Spectre” or “Meltdown” and what can be done about this latest IT scare.
The flaw permits intruders to use timing analysis to decipher code that they would not have access to, according to the research team.
Side-channel Vulnerability
The newly discovered side-channel vulnerability is different from previous ones because it does not rely on the cache system, which makes it harder to detect. The team combined this vulnerability with a Meltdown attack to showcase its impact on several Intel CPUs.
Yu Jin, a co-author of the paper, stated that the complexity and aggressive optimization of modern CPUs with their numerous micro-architectural features contribute to various security issues, including side-channel attacks.
These attacks exploit non-code-related patterns, such as timing, power, consumption, and electromagnetic and acoustic emissions, to gain unauthorized access to computer systems.
It must be noted that a side-channel attack is a method of breaking into a computer system by exploiting weaknesses in the physical characteristics of the system, such as power consumption or electromagnetic radiation, rather than by directly attacking the software or hardware.
By analyzing these physical characteristics, an attacker can extract sensitive information, such as passwords or encryption keys, from the system.
In recent years, these types of attacks, such as Meltdown, Spectre, Fallout, and Zombieload, have become more common.
The team showcased that the security loophole impacts CPUs such as Intel Core i7-6700, i7-770, and 19-10980XE.
Moreover, they revealed that the Intel 11th generation CPUs exhibit greater resistance to these attacks, and the new 13th generation vPro processors from Intel offer even stronger protection against side-channel attacks.
